From 1a23041b93348bb2a36febe29af844ec12b17538 Mon Sep 17 00:00:00 2001
From: Mikhail Volkhov
Date: Thu, 29 Aug 2024 13:07:12 +0100
Subject: [PATCH] Lagrange comp pow2pow fix
---
 src/lib/pickles/wrap_verifier.ml | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/src/lib/pickles/wrap_verifier.ml b/src/lib/pickles/wrap_verifier.ml
index 2120c7ef7ce3..11b0ea1a4df0 100644
--- a/src/lib/pickles/wrap_verifier.ml
+++ b/src/lib/pickles/wrap_verifier.ml
@@ -369,8 +369,20 @@ struct
 (* TODO: num_bits should maybe be input_length - 1. *)
 Ops.bits_per_chunk * Ops.chunks_needed ~num_bits:input_length
 in
- let rec pow2pow x i =
- if i = 0 then x else pow2pow Inner_curve.Constant.(x + x) (i - 1)
+ (* computes 2^i *)
+ let rec field2pow f i =
+ if i = 1 then f
+ else
+ let j = i - 1 in
+ Inner_curve.Constant.Scalar.(f * field2pow f j)
+ in
+ (* computes 2^actual_shift *)
+ let two_to_actual_shift =
+ field2pow (Inner_curve.Constant.Scalar.of_int 2) actual_shift
+ in
+ (* computes [2^actual_shift] G *)
+ let field_to_two_to_shift g =
+ Inner_curve.Constant.scale g two_to_actual_shift
 in
 let base_and_correction (h : Domain.t) =
 let d = Int.pow 2 (Domain.log2_size h) in
@@ -383,7 +395,7 @@ struct
 let open Inner_curve.Constant in
 let g = of_affine g in
 ( Inner_curve.constant g
- , Inner_curve.constant (negate (pow2pow g actual_shift)) )
+ , Inner_curve.constant (negate (field_to_two_to_shift g)) )
 | Infinity ->
 (* Point at infinity should be impossible in the SRS *)
 assert false )
@@ -1373,6 +1385,7 @@ struct
 let challenge_polynomial =
 G.challenge_polynomial (module Field)
 
+ (* computes pt^{2^n} *)
 let pow2pow (pt : Field.t) (n : int) : Field.t =
 with_label __LOC__ (fun () ->
 let rec go acc i =
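Review bot: In the first hunk (`@@ -369,8 +369,20 @@`), `field2pow` only terminates for `i >= 1`: its base case is `i = 1`, so a call with `i = 0` or a negative `i` recurses until the stack overflows, whereas the removed `pow2pow` returned `x` at `i = 0`. `actual_shift` is `Ops.bits_per_chunk * Ops.chunks_needed ~num_bits:input_length`, and nothing visible here shows it is always positive, so I would add `assert (actual_shift >= 1) ;` ahead of the `field2pow` call in `two_to_actual_shift`. The comment `(* computes 2^i *)` does not match the code, which raises an arbitrary `f` to the power `i`; `(* computes f^i, requires i >= 1 *)` would, and since `field_to_two_to_shift` takes a curve point rather than a field element, a name such as `scale_by_two_to_shift` would read better at its call site in the second hunk. Because the result becomes the negated correction term paired with each SRS base point in the verifier, a unit test comparing it with `actual_shift` repeated doublings of a sample point would pin the equivalence with the old code. The enclosing definition starts and ends outside the hunk.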